Working on creating a tool to log kernel events to get better understanding of ETW.
I used the below MS sample to create a kernel logger session and added the opentrace/processtrace/closetrace apis in the middle(before the cleanup label) to consume the events.